More than two million stolen passwords used for sites such as Facebook, Google and other web services have been posted online.
The website containing the passwords was discovered by researchers working for security firm Trustwave.
In a blog post outlining its findings, the team said it believed the passwords had been harvested by a large botnet – dubbed Pony – that had scooped up information from thousands of infected computers worldwide.
Often, criminal gangs will use botnets to steal large amounts of personal data, which can then be sold on to others or held to ransom. In this instance, it was log-in information for popular social networks that featured most heavily.
The site – written in Russian – claimed to offer 318,121 username and password combinations for Facebook.
Trustwave said it had notified the sites and services hit prior to posting the blog entry.
Analysis of the passwords by Trustwave showed a familiar picture – the most popular password, found in the database over 15,000 times, was “123456”.
We have repeatedly warned people and businesses not to use simple passwords. In this day and age of Advanced Persistent Threats (APTs), it is only a matter of time before you are hacked. It is a question of when, not if.
Here is a list of the most stupid passwords – if you use any of them, then please change them NOW!